As eCommerce transactions increase in both number and value, the need for a secure system to send and receive data is paramount for any business. To this end, the SSL (Secure Sockets Layer) protocol was developed. This protocol allows any information sent to or from a browser to be encrypted, and SSL certificates were created to ensure that the company providing the transaction portal is who they say they are, as well as to prevent the malicious use of data. SSL certificates and an SSL logo on your company Web site are great ways to let customers know that their transactions are safe and secure. But how does SSL really work?
SSL Basics – Encryption and Keys
At a basic level, SSL is intended to encrypt data that is being sent from one place to another through a browser. When a browser requests a secure page for a transaction – typically denoted by the “https” tag at the beginning of a Web address – the Web server queried sends back a certificate of its authenticity along with encrypted data and a key to decrypt the information. The customer’s browser then confirms that the certificate is still valid, and uses the key provided to send back the data to the server. The server decrypts the information, and sends out the requested document and HTML data.
The most important aspect of this process is the use of the “keys” mentioned, and they come in two types: public and private. A Web server will have a private key and public key, which are symmetric – they can be used only to decrypt each other. When information from a secure Web site is requested, the site will send out information that is encrypted, along with the public version of its key. This allows a customer’s Web browser to verify that the information contains an authentic SSL certificate by using the key to decrypt the information, and then send back re-encrypted information using the same key. At the other end, the Web server will use its private key to decrypt the data – this way, even if the data is hijacked, it will be of no use unless one has the private key.
How SSL Certificates Work
SSL certificates are part of the information that is sent by a Web server in order to prove that it is a valid and trusted business or authority. In order to have an SSL certificate, a company must purchase one from a certificate authority, signing authority, certificate vendor or eCommerce Hosting provider. If the organization is large enough, such as a government agency, they may have their own certificate authority, allowing them to demonstrate that they are who they say they are. In the case of commercial businesses, however, a certificate must be purchased. While there are some sites that offer free SSL certificates, most of the companies that provide them are strictly regulated and can offer better validation options for clients. Certificate authorities, signing authorities and certificate vendors all offer the same basic product – SSL certificates – but vary in price and the type of validation they will offer for the end user.
Three Types of Validation
SSL validation comes in three main types: domain, organization, and extended. Domain validation SSL is the most basic: the certificate authority will only check the right of the applicant to use the domain name they have, and clicking on the SSL seal will provide no other information. An organization SSL certificate will provide some vetted information about the company that has the seal, giving an enhanced level of visibility to users and allowing them to have more information available up-front. The highest level of validation certificate is what is known as extended validation, and will confirm the legal, physical and operational existence of a company, along with ensuring that the company’s identity matches official records, and that they have the exclusive right to use the domain name.
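The two checks described above (that a certificate is still valid, and which of the three validation types it carries) can be sketched in Python. This is an added example, not code from the original article. It assumes a certificate in the dictionary form returned by Python's ssl.SSLSocket.getpeercert(), uses a constructed sample, and guesses the validation type from the subject fields alone, which is a heuristic.

```python
import ssl

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# every name, number and date below is made up for illustration.
SAMPLE_CERT = {
    "subject": (
        (("businessCategory", "Private Organization"),),
        (("jurisdictionCountryName", "US"),),
        (("serialNumber", "0000000"),),
        (("countryName", "US"),),
        (("organizationName", "Example Shop Inc"),),
        (("commonName", "shop.example.com"),),
    ),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

# Subject attributes that extended validation certificates carry
# (assumed here to appear under these names in the parsed subject).
EV_FIELDS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}


def subject_fields(cert):
    """Flatten the nested subject tuples into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def validation_level(cert):
    """Heuristic guess: 'domain', 'organization' or 'extended'."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "domain"          # only the domain name was vetted
    if EV_FIELDS.issubset(fields):
        return "extended"        # legal-entity details are present
    return "organization"


def is_within_validity(cert, now):
    """True if `now` (seconds since the epoch, UTC) is inside the window."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now <= end


if __name__ == "__main__":
    import time
    print(validation_level(SAMPLE_CERT), is_within_validity(SAMPLE_CERT, time.time()))
```

A browser's real validity check also verifies the issuer's signature chain and the host name; the date window is only one part of it.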
Purchasing an SSL certificate is an excellent way to assure customers that your Web site is secure and trustworthy, and depending on the type of products and the cost of items sold on your Web site, you may wish to consider a higher level of SSL validation or warranty in order to give customers peace of mind. SSL certificates allow data to be encrypted between your Web site and a customer’s computer; an SSL certificate provided by a recognized vendor, like GeoTrust SSL Certificates from myhosting.com, can help provide assurances about a company’s existence and viability.